g7s
/
systemd-user-pam-ssh
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update for systemd 204+

Browse Source
master
Evan Purkhiser 12 years ago
parent d3312b5b06
commit 55bfc353d3
2 changed files with 10 additions and 15 deletions
Show Stats Download Patch File Download Diff File

21
README.md
Unescape Escape View File

@ -3,11 +3,8 @@
This script has a rather specific use case. If you fit the following demographic
then this script might just be for you!
* You use systemd as a user session manager (either
[this](https://github.com/sofar/user-session-units), or [this](https://github.com/EvanPurkhiser/systemd-user-sessions))
* You're systemd --user instance default target doesn't start a graphical
environment, i.e. you still need to login to activate your graphical
session
* You use systemd
* You login at the linux VT using a getty
* You have a `systemd --user` service called `ssh-agent.service` that starts
your ssh agent.
* You have to type your password a second time after logging in in order to
@ -18,17 +15,15 @@ SSH key will be decrypted and added to your ssh-agent for you.
## Usage
There are a few pre-requisites to this script:
There is one pre-requisite for this script:
1. Your systemd --user session needs to be running during login time. This won't
be a problem if you use one of the user-session services mentioned above.
2. Your systemd --user instance needs to know about the `SSH_AUTH_SOCK`. If
you're using my systemd-user-sessions package mentioned above then you will
want to add this to your `~/.config/bash/environment` file as something like
`SSH_AUTH_SOCK=$XDG_RUNTIME_DIR/ssh-agent`.
Your systemd --user instance needs to know about the `SSH_AUTH_SOCK`. If you're
using my systemd-user-sessions package mentioned above then you will want to
add this to your `~/.config/bash/environment` file as something like
`SSH_AUTH_SOCK=$XDG_RUNTIME_DIR/ssh-agent`.
To enable the script you will want to add this to your pam configuration
(probably `/etc/pam.d/system-login` or `/etc/pam.d/login`
(probably `/etc/pam.d/system-login` or `/etc/pam.d/login`)
auth optional pam_exec.so expose_authtok /path/to/the/systemd-user-pam-ssh

4
systemd-user-pam-ssh
Unescape Escape View File

@ -9,8 +9,8 @@
# Handle inital checks as root
if [ $(id -u) = 0 ]
then
# Don't execute if the user-session isn't running
systemctl -q is-active user-session@${PAM_USER} || exit 0
# Don't execute if the systemd --user instance isn't running
systemctl -q is-active user@$(id -u ${PAM_USER}) || exit 0
# Re-execute this script as the user to add their key (while piping STDIN)
cat | exec su ${PAM_USER} -c $(realpath ${BASH_SOURCE[0]})

Write Preview
Loading…
Cancel
Save